Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Microsoft Office Excel Allows Code Execution via Local Data
CVE-2026-26107
Summary
A vulnerability in Microsoft Office Excel could allow an attacker to run malicious code on a victim's computer without permission. This could happen if a user opens a specially crafted Excel file. To protect yourself, make sure to only open files from trusted sources and avoid opening files from unknown or untrusted locations.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | 365_apps | All versions | – |
| microsoft | 365_apps | All versions | – |
| microsoft | excel | 2016 | – |
| microsoft | excel | 2016 | – |
| microsoft | office | 2019 | – |
| microsoft | office | 2019 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_online_server | <= 16.0.10417.20102 | – |
Original title
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Original description
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
nvd CVSS3.1
7.8
Vulnerability type
CWE-416
Use After Free
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026